Hello, what privacy problems are there in using a Ledger? Do Ledger know how many crypto I have?
Using a Ledger or any hardware wallet is not a privacy concern. Using the Ledger Live app with your Ledger is though, because not only can Ledger see your transactions (as anyone can on the Blockchain) but they can trivially tie that to your IP address and other device info, because they store all that metadata on their nodes.
If you are concerned about privacy with Ledger you should use a local wallet app which works with Ledger instead of Ledger Live, which will depend on the cryptocurrencies you use of course (for example: MetaMask for Ethereum, Electrum for Bitcoin, etc.).
All that being said, virtually all cryptocurrencies besides Monero will record every transaction you make on the permanent blockchain which anyone can view, so I would not use them for transactions requiring privacy in the first place.
1 Like
In my opinion, buying a product with a credit card to be sent to your address from a company known for its compliance is a huge privacy concern whether using the live app or not.
Not to mention it’s closed source and that the soft in the “hard”wallet can be updated (for example to send the seed to distant servers see Why Ledger’s New Seed Phase Recovery Update Is Dangerous? )
ledger is a third party to be trusted, pretty much the antithesis of Satoshi white paper.
What is needed is an electronic payment system based on cryptographic proof instead of trust,
allowing any two willing parties to transact directly with each other without the need for a trusted
third party.
We lost the initial plot somewhere trusting third party for the security of the keys.
2 Likes
The problem is that its closed source, not that it can be updated.
It would be very stupid if it couldn’t be updated.
If it can be updated to export seeds, it’s neither cold nor hard.
Maybe they want to change the name of their devices: pen drive with proprietary software for sort of secure hot wallet.
Getting targeted once someone discovers you’re a ledger customer is the biggest concern. So preventing that discovery is the first step. Acquire the device anonymously and never sign up for any ledger web services. And don’t go posting your cool ledger pics with your rolex watch on social media.
If someone finds out you’re holding crypto on a ledger (something broke people don’t usually do), things could escalate to you having masked people outside your house. Ledger has had too many breaches, whether third party or not, it’s unacceptable and all of their customers are high value targets for cybercriminals.
It could just as well directly ship with malicious firmware.
The problem with Ledger is, that they are proprietary.
Get a Trezor or a Bitbox
If someone finds out you have a hardware wallet, whether by seeing your purchase of it, seeing you carry it or seeing it laying around on your desk, they may suspect you own enough crypto to justify owning a hardware wallet. Conversely, owning a generic device like a phone or laptop doesn’t raise suspicion you own crypto. Generally everyone who owns crypto would be wise to practice good opsec. The first few minutes of this video discusses physical attacks against crypto users and opsec’s importance. Talk about crypto but don’t talk about your own crypto.
since it is possible to update the firmware to leak the seeds, i’d say it was totally shipped with malicious malware ! (as none of their client would expect that, it can be called malicious imo)
better (and cheaper!) than trusting corps => https://medium.com/@mycapcap/true-satoshi-maximalist-alternatives-ditch-the-brands-build-your-own-air-gapped-setup-c4db922df78f